From 751eff7218883b18628306d1b9f9251ac4b3b361 Mon Sep 17 00:00:00 2001 
From: noelmcloughlin Date: Thu, 19 Aug 2021 00:05:27 +0100 Subject: [PATCH 1/2] feat(ordering): optionally append includefiles to main config --- docs/README.rst | 2 +- pillar.example | 6 ++++++ sudoers/defaults.yaml | 1 + sudoers/included/init.sls | 5 +++++ sudoers/{included.sls => included/install.sls} | 4 ++++ test/integration/default/files/_mapdata/almalinux-8.yaml | 1 + test/integration/default/files/_mapdata/amazonlinux-1.yaml | 1 + test/integration/default/files/_mapdata/amazonlinux-2.yaml | 1 + .../default/files/_mapdata/arch-base-latest.yaml | 1 + test/integration/default/files/_mapdata/centos-6.yaml | 1 + test/integration/default/files/_mapdata/centos-7.yaml | 1 + test/integration/default/files/_mapdata/centos-8.yaml | 1 + test/integration/default/files/_mapdata/debian-10.yaml | 1 + test/integration/default/files/_mapdata/debian-11.yaml | 1 + test/integration/default/files/_mapdata/debian-9.yaml | 1 + test/integration/default/files/_mapdata/fedora-31.yaml | 1 + test/integration/default/files/_mapdata/fedora-32.yaml | 1 + test/integration/default/files/_mapdata/fedora-33.yaml | 1 + test/integration/default/files/_mapdata/fedora-34.yaml | 1 + test/integration/default/files/_mapdata/gentoo-2-sysd.yaml | 1 + test/integration/default/files/_mapdata/gentoo-2-sysv.yaml | 1 + test/integration/default/files/_mapdata/opensuse-15.yaml | 1 + .../default/files/_mapdata/opensuse-tumbleweed.yaml | 1 + test/integration/default/files/_mapdata/oraclelinux-7.yaml | 1 + test/integration/default/files/_mapdata/oraclelinux-8.yaml | 1 + test/integration/default/files/_mapdata/rockylinux-8.yaml | 1 + test/integration/default/files/_mapdata/ubuntu-16.yaml | 1 + test/integration/default/files/_mapdata/ubuntu-18.yaml | 1 + test/integration/default/files/_mapdata/ubuntu-20.yaml | 1 + 29 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 sudoers/included/init.sls rename sudoers/{included.sls => included/install.sls} (85%) 
diff --git a/docs/README.rst b/docs/README.rst index 8a4ade6..1496757 100644 --- a/docs/README.rst +++ b/docs/README.rst @@ -51,7 +51,7 @@ Set up the sudoers file ``sudoers.included`` ^^^^^^^^^^^^^^^^^^^^ -Set up an additional sudoers included file +Set up an additional sudoers included file. Testing diff --git a/pillar.example b/pillar.example index 966a743..45733fd 100644 --- a/pillar.example +++ b/pillar.example @@ -63,3 +63,9 @@ sudoers: netgroups: other_netgroup: - 'ALL=(ALL) ALL' + # ordering is important. The sudoers manpage says when multiple + # entries match, the last match is used. However, if we do not + # manage the main config, our included files may not match last. + # To guarantee included files match last, set 'true' below to append + # each '#include ' to sudoers file. + append_included_files_to_endof_main_config: true diff --git a/sudoers/defaults.yaml b/sudoers/defaults.yaml index 09224b0..bda5a43 100644 --- a/sudoers/defaults.yaml +++ b/sudoers/defaults.yaml @@ -10,3 +10,4 @@ sudoers: execprefix: /usr/sbin includedir: /etc/sudoers.d included_files: {} + append_included_files_to_endof_main_config: false diff --git a/sudoers/included/init.sls b/sudoers/included/init.sls new file mode 100644 index 0000000..d3e5518 --- /dev/null +++ b/sudoers/included/init.sls @@ -0,0 +1,5 @@ +# -*- coding: utf-8 -*- +# vim: ft=sls + +include: + - .install diff --git a/sudoers/included.sls b/sudoers/included/install.sls similarity index 85% rename from sudoers/included.sls rename to sudoers/included/install.sls index 97e8215..cf5da06 100644 --- a/sudoers/included.sls +++ b/sudoers/included/install.sls @@ -40,5 +40,9 @@ sudoers include {{ included_file }}: - file: {{ sudoers.configpath }}/sudoers - require_in: - file: {{ sudoers.includedir }} + {% elif sudoers.append_included_files_to_endof_main_config %} + file.append: + - name: {{ sudoers.configpath }}/sudoers + - text: '#include {{ sudoers.configpath }}/sudoers.d/{{ included_file }}' {% endif %} {% endfor %} 
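Review bot: The new `file.append` in the `elif` branch of `sudoers/included/install.sls` edits the live `{{ sudoers.configpath }}/sudoers` with a line built from the pillar key `included_file`, and nothing in the hunk checks that the file still parses afterwards. A key containing whitespace, or one that renders to a path that does not exist, could leave a sudoers file that sudo refuses to load, which is hard to recover from remotely on a host where the main config is otherwise unmanaged. I would follow the append with a validation state that fails the run on a bad file, for example a `cmd.run` of `{{ sudoers.execprefix }}/visudo -c -f {{ sudoers.configpath }}/sudoers` with `onchanges` on the append (assuming `execprefix` is where `visudo` lives). The enclosing `{% for %}`/`{% if %}` block starts above this hunk, so whether the `file.managed` state already carries a `check_cmd` is not visible here.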
diff --git a/test/integration/default/files/_mapdata/almalinux-8.yaml b/test/integration/default/files/_mapdata/almalinux-8.yaml index 4c21eb8..9ad7bf1 100644 --- a/test/integration/default/files/_mapdata/almalinux-8.yaml +++ b/test/integration/default/files/_mapdata/almalinux-8.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/amazonlinux-1.yaml b/test/integration/default/files/_mapdata/amazonlinux-1.yaml index a689dc0..39d4b9e 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-1.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-1.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/amazonlinux-2.yaml b/test/integration/default/files/_mapdata/amazonlinux-2.yaml index f519fc8..7a9de20 100644 --- a/test/integration/default/files/_mapdata/amazonlinux-2.yaml +++ b/test/integration/default/files/_mapdata/amazonlinux-2.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/arch-base-latest.yaml b/test/integration/default/files/_mapdata/arch-base-latest.yaml index a2a9517..ee86623 100644 --- a/test/integration/default/files/_mapdata/arch-base-latest.yaml +++ b/test/integration/default/files/_mapdata/arch-base-latest.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/centos-6.yaml b/test/integration/default/files/_mapdata/centos-6.yaml index 4238e45..218ffe3 100644 --- a/test/integration/default/files/_mapdata/centos-6.yaml 
+++ b/test/integration/default/files/_mapdata/centos-6.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/centos-7.yaml b/test/integration/default/files/_mapdata/centos-7.yaml index 7b86d8e..9aca1ea 100644 --- a/test/integration/default/files/_mapdata/centos-7.yaml +++ b/test/integration/default/files/_mapdata/centos-7.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/centos-8.yaml b/test/integration/default/files/_mapdata/centos-8.yaml index 9620af3..279f146 100644 --- a/test/integration/default/files/_mapdata/centos-8.yaml +++ b/test/integration/default/files/_mapdata/centos-8.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/debian-10.yaml b/test/integration/default/files/_mapdata/debian-10.yaml index 5c31c02..1190147 100644 --- a/test/integration/default/files/_mapdata/debian-10.yaml +++ b/test/integration/default/files/_mapdata/debian-10.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/debian-11.yaml b/test/integration/default/files/_mapdata/debian-11.yaml index 1010f71..3439e02 100644 --- a/test/integration/default/files/_mapdata/debian-11.yaml +++ b/test/integration/default/files/_mapdata/debian-11.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: 
diff --git a/test/integration/default/files/_mapdata/debian-9.yaml b/test/integration/default/files/_mapdata/debian-9.yaml index 0cda77d..abd9e80 100644 --- a/test/integration/default/files/_mapdata/debian-9.yaml +++ b/test/integration/default/files/_mapdata/debian-9.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/fedora-31.yaml b/test/integration/default/files/_mapdata/fedora-31.yaml index 065c42e..72d4ace 100644 --- a/test/integration/default/files/_mapdata/fedora-31.yaml +++ b/test/integration/default/files/_mapdata/fedora-31.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/fedora-32.yaml b/test/integration/default/files/_mapdata/fedora-32.yaml index eb0444f..49e7670 100644 --- a/test/integration/default/files/_mapdata/fedora-32.yaml +++ b/test/integration/default/files/_mapdata/fedora-32.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/fedora-33.yaml b/test/integration/default/files/_mapdata/fedora-33.yaml index 6b34652..e675a7d 100644 --- a/test/integration/default/files/_mapdata/fedora-33.yaml +++ b/test/integration/default/files/_mapdata/fedora-33.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/fedora-34.yaml b/test/integration/default/files/_mapdata/fedora-34.yaml index 8a3f160..cac8f9e 100644 --- a/test/integration/default/files/_mapdata/fedora-34.yaml +++ b/test/integration/default/files/_mapdata/fedora-34.yaml 
@@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml index 6d64092..c9667fa 100644 --- a/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml +++ b/test/integration/default/files/_mapdata/gentoo-2-sysd.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml index 6d64092..c9667fa 100644 --- a/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml +++ b/test/integration/default/files/_mapdata/gentoo-2-sysv.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/opensuse-15.yaml b/test/integration/default/files/_mapdata/opensuse-15.yaml index cea5d34..cefe024 100644 --- a/test/integration/default/files/_mapdata/opensuse-15.yaml +++ b/test/integration/default/files/_mapdata/opensuse-15.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml index 56d4593..a6c8c6d 100644 --- a/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml +++ b/test/integration/default/files/_mapdata/opensuse-tumbleweed.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: 
diff --git a/test/integration/default/files/_mapdata/oraclelinux-7.yaml b/test/integration/default/files/_mapdata/oraclelinux-7.yaml index 30eb8fc..af582c3 100644 --- a/test/integration/default/files/_mapdata/oraclelinux-7.yaml +++ b/test/integration/default/files/_mapdata/oraclelinux-7.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/oraclelinux-8.yaml b/test/integration/default/files/_mapdata/oraclelinux-8.yaml index 44e9fbf..cd2b938 100644 --- a/test/integration/default/files/_mapdata/oraclelinux-8.yaml +++ b/test/integration/default/files/_mapdata/oraclelinux-8.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/rockylinux-8.yaml b/test/integration/default/files/_mapdata/rockylinux-8.yaml index 6743acb..edde249 100644 --- a/test/integration/default/files/_mapdata/rockylinux-8.yaml +++ b/test/integration/default/files/_mapdata/rockylinux-8.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/ubuntu-16.yaml b/test/integration/default/files/_mapdata/ubuntu-16.yaml index c845ce1..3d5f07f 100644 --- a/test/integration/default/files/_mapdata/ubuntu-16.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-16.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/ubuntu-18.yaml b/test/integration/default/files/_mapdata/ubuntu-18.yaml index a5daca6..61b0809 100644 --- a/test/integration/default/files/_mapdata/ubuntu-18.yaml 
+++ b/test/integration/default/files/_mapdata/ubuntu-18.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: diff --git a/test/integration/default/files/_mapdata/ubuntu-20.yaml b/test/integration/default/files/_mapdata/ubuntu-20.yaml index 57da8ab..aaa99fb 100644 --- a/test/integration/default/files/_mapdata/ubuntu-20.yaml +++ b/test/integration/default/files/_mapdata/ubuntu-20.yaml @@ -20,6 +20,7 @@ values: - millert - dowdy - mikef + append_included_files_to_endof_main_config: false arch: amd64 configpath: /etc defaults: From 38126a31a6c27266111e96a02252a6e845fcb8f1 Mon Sep 17 00:00:00 2001 
From: noelmcloughlin Date: Thu, 19 Aug 2021 00:52:57 +0100 Subject: [PATCH 2/2] ci(appended): add second test suite --- .gitlab-ci.yml | 8 +-- kitchen.yml | 20 ++++++++ sudoers/included/install.sls | 16 ++++-- test/integration/appended/README.md | 50 +++++++++++++++++++ .../integration/appended/controls/_mapdata.rb | 47 +++++++++++++++++ test/integration/appended/controls/config.rb | 38 ++++++++++++++ test/integration/appended/controls/package.rb | 9 ++++ .../appended/files/_mapdata/almalinux-8.yaml | 29 +++++++++++ .../files/_mapdata/amazonlinux-1.yaml | 29 +++++++++++ .../files/_mapdata/amazonlinux-2.yaml | 29 +++++++++++ .../files/_mapdata/arch-base-latest.yaml | 29 +++++++++++ .../appended/files/_mapdata/centos-6.yaml | 29 +++++++++++ .../appended/files/_mapdata/centos-7.yaml | 29 +++++++++++ .../appended/files/_mapdata/centos-8.yaml | 29 +++++++++++ .../appended/files/_mapdata/debian-10.yaml | 29 +++++++++++ .../appended/files/_mapdata/debian-11.yaml | 29 +++++++++++ .../appended/files/_mapdata/debian-9.yaml | 29 +++++++++++ .../appended/files/_mapdata/fedora-31.yaml | 29 +++++++++++ .../appended/files/_mapdata/fedora-32.yaml | 29 +++++++++++ .../appended/files/_mapdata/fedora-33.yaml | 29 +++++++++++ .../appended/files/_mapdata/fedora-34.yaml | 29 +++++++++++ .../files/_mapdata/gentoo-2-sysd.yaml | 29 +++++++++++ .../files/_mapdata/gentoo-2-sysv.yaml | 29 +++++++++++ .../appended/files/_mapdata/opensuse-15.yaml | 29 +++++++++++ .../files/_mapdata/opensuse-tumbleweed.yaml | 29 +++++++++++ .../files/_mapdata/oraclelinux-7.yaml | 29 +++++++++++ .../files/_mapdata/oraclelinux-8.yaml | 29 +++++++++++ .../appended/files/_mapdata/rockylinux-8.yaml | 29 +++++++++++ .../appended/files/_mapdata/ubuntu-16.yaml | 29 +++++++++++ .../appended/files/_mapdata/ubuntu-18.yaml | 29 +++++++++++ .../appended/files/_mapdata/ubuntu-20.yaml | 29 +++++++++++ test/integration/appended/inspec.yml | 27 ++++++++++ test/salt/pillar/appended.sls | 19 +++++++ 33 files changed, 921 
insertions(+), 9 deletions(-) create mode 100644 test/integration/appended/README.md create mode 100644 test/integration/appended/controls/_mapdata.rb create mode 100644 test/integration/appended/controls/config.rb create mode 100644 test/integration/appended/controls/package.rb create mode 100644 test/integration/appended/files/_mapdata/almalinux-8.yaml create mode 100644 test/integration/appended/files/_mapdata/amazonlinux-1.yaml create mode 100644 test/integration/appended/files/_mapdata/amazonlinux-2.yaml create mode 100644 test/integration/appended/files/_mapdata/arch-base-latest.yaml create mode 100644 test/integration/appended/files/_mapdata/centos-6.yaml create mode 100644 test/integration/appended/files/_mapdata/centos-7.yaml create mode 100644 test/integration/appended/files/_mapdata/centos-8.yaml create mode 100644 test/integration/appended/files/_mapdata/debian-10.yaml create mode 100644 test/integration/appended/files/_mapdata/debian-11.yaml create mode 100644 test/integration/appended/files/_mapdata/debian-9.yaml create mode 100644 test/integration/appended/files/_mapdata/fedora-31.yaml create mode 100644 test/integration/appended/files/_mapdata/fedora-32.yaml create mode 100644 test/integration/appended/files/_mapdata/fedora-33.yaml create mode 100644 test/integration/appended/files/_mapdata/fedora-34.yaml create mode 100644 test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml create mode 100644 test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml create mode 100644 test/integration/appended/files/_mapdata/opensuse-15.yaml create mode 100644 test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml create mode 100644 test/integration/appended/files/_mapdata/oraclelinux-7.yaml create mode 100644 test/integration/appended/files/_mapdata/oraclelinux-8.yaml create mode 100644 test/integration/appended/files/_mapdata/rockylinux-8.yaml create mode 100644 test/integration/appended/files/_mapdata/ubuntu-16.yaml create mode 100644 
test/integration/appended/files/_mapdata/ubuntu-18.yaml create mode 100644 test/integration/appended/files/_mapdata/ubuntu-20.yaml create mode 100644 test/integration/appended/inspec.yml create mode 100644 test/salt/pillar/appended.sls diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dcea8a8..da5e135 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -137,19 +137,19 @@ rubocop: # default-rockylinux-8-tiamat-py3: {extends: '.test_instance'} default-debian-11-master-py3: {extends: '.test_instance'} default-debian-10-master-py3: {extends: '.test_instance'} -default-debian-9-master-py3: {extends: '.test_instance'} +appended-debian-9-master-py3: {extends: '.test_instance'} default-ubuntu-2004-master-py3: {extends: '.test_instance'} default-ubuntu-1804-master-py3: {extends: '.test_instance'} default-centos-8-master-py3: {extends: '.test_instance'} -default-centos-7-master-py3: {extends: '.test_instance'} +appended-centos-7-master-py3: {extends: '.test_instance'} default-fedora-34-master-py3: {extends: '.test_instance'} default-fedora-33-master-py3: {extends: '.test_instance'} default-opensuse-leap-153-master-py3: {extends: '.test_instance'} -default-opensuse-leap-152-master-py3: {extends: '.test_instance'} +appended-opensuse-leap-152-master-py3: {extends: '.test_instance'} default-opensuse-tmbl-latest-master-py3: {extends: '.test_instance'} default-amazonlinux-2-master-py3: {extends: '.test_instance'} default-oraclelinux-8-master-py3: {extends: '.test_instance'} -default-oraclelinux-7-master-py3: {extends: '.test_instance'} +appended-oraclelinux-7-master-py3: {extends: '.test_instance'} default-arch-base-latest-master-py3: {extends: '.test_instance'} default-gentoo-stage3-latest-master-py3: {extends: '.test_instance'} default-gentoo-stage3-systemd-master-py3: {extends: '.test_instance'} diff --git a/kitchen.yml b/kitchen.yml index 7d23efe..b0bb366 100644 --- a/kitchen.yml +++ b/kitchen.yml 
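Review bot: The four `appended-*` jobs replace the `default-*` jobs for debian-9, centos-7, opensuse-leap-152 and oraclelinux-7 instead of being added next to them, so after this hunk the default suite no longer runs on those platforms. If the swap is deliberate to keep the pipeline the same size, a comment above the block should say so, e.g. `# appended suite replaces default on these four platforms to keep the job count constant`. Otherwise keep both jobs per platform, e.g. `default-centos-7-master-py3: {extends: '.test_instance'}` alongside the new `appended-centos-7-master-py3` line. The job list continues outside the hunk.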
@@ -448,3 +448,23 @@ suites: verifier: inspec_tests: - path: test/integration/default + - name: appended + provisioner: + state_top: + base: + '*': + - sudoers._mapdata + - sudoers + - sudoers.included + pillars: + top.sls: + base: + '*': + - kitchen + - sudoers + pillars_from_files: + kitchen.sls: test/salt/pillar/kitchen.sls + sudoers.sls: test/salt/pillar/appended.sls + verifier: + inspec_tests: + - path: test/integration/appended diff --git a/sudoers/included/install.sls b/sudoers/included/install.sls index cf5da06..28f0cf6 100644 --- a/sudoers/included/install.sls +++ b/sudoers/included/install.sls @@ -18,13 +18,13 @@ include: {% set included_files = sudoers.included_files %} {% for included_file, spec in included_files.items() -%} + {%- if '/' not in included_file %} + {%- set included_file = sudoers.includedir ~ '/' ~ included_file %} + {%- endif %} + sudoers include {{ included_file }}: file.managed: - {% if '/' in included_file %} - name: {{ included_file }} - {% else %} - - name: {{ sudoers.includedir }}/{{ included_file }} - {% endif %} - user: root - group: {{ sudoers.group }} - mode: 440 @@ -40,9 +40,15 @@ sudoers include {{ included_file }}: - file: {{ sudoers.configpath }}/sudoers - require_in: - file: {{ sudoers.includedir }} + {% elif sudoers.append_included_files_to_endof_main_config %} + +sudoers append {{ included_file }}: file.append: - name: {{ sudoers.configpath }}/sudoers - - text: '#include {{ sudoers.configpath }}/sudoers.d/{{ included_file }}' + - text: '#include {{ included_file }}' + - require: + - file: sudoers include {{ included_file }} {% endif %} + {% endfor %} diff --git a/test/integration/appended/README.md b/test/integration/appended/README.md new file mode 100644 index 0000000..978a783 --- /dev/null +++ b/test/integration/appended/README.md 
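Review bot: In the second `sudoers/included/install.sls` hunk, `sudoers append {{ included_file }}` only ever adds lines: when an entry is later dropped from `included_files`, or `append_included_files_to_endof_main_config` is switched back to `false`, its `#include` stays in `{{ sudoers.configpath }}/sudoers`. If the included file itself is then removed (by hand, or through `purge_includedir`, which appears in the map data), the main file is left pointing at a missing path, and sudo is likely to treat that as a parse error. At minimum I would document this next to the state, `# NOTE: appended '#include' lines are never removed by this formula; delete them from sudoers before removing an included file`, and ideally add a cleanup for entries no longer in pillar. Separately, the visible fixtures for this suite use only absolute keys, so the `'/' not in included_file` rewrite in the first hunk of this file does not appear to be exercised by the `appended` suite. The `{% if %}` that this `elif` belongs to lies between the two hunks and is not shown.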
@@ -0,0 +1,50 @@ +# InSpec Profile: `appended` + +This shows the implementation of the `appended` InSpec [profile](https://github.com/inspec/inspec/blob/master/docs/profiles.md). + +## Verify a profile + +InSpec ships with built-in features to verify a profile structure. + +```bash +$ inspec check appended +Summary +------- +Location: appended +Profile: profile +Controls: 4 +Timestamp: 2019-06-24T23:09:01+00:00 +Valid: true + +Errors +------ + +Warnings +-------- +``` + +## Execute a profile + +To run all **supported** controls on a local machine use `inspec exec /path/to/profile`. + +```bash +$ inspec exec appended +.. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +8 examples, 0 failures +``` + +## Execute a specific control from a profile + +To run one control from the profile use `inspec exec /path/to/profile --controls name`. + +```bash +$ inspec exec appended --controls package +. + +Finished in 0.0025 seconds (files took 0.12449 seconds to load) +1 examples, 0 failures +``` + +See an [example control here](https://github.com/inspec/inspec/blob/master/examples/profile/controls/example.rb). diff --git a/test/integration/appended/controls/_mapdata.rb b/test/integration/appended/controls/_mapdata.rb new file mode 100644 index 0000000..0b0c7ac --- /dev/null +++ b/test/integration/appended/controls/_mapdata.rb 
@@ -0,0 +1,47 @@ +# frozen_string_literal: true + +require 'yaml' + +control 'sudoers._mapdata' do + title '`map.jinja` should match the reference file' + + ### Method + # The steps below for each file appear convoluted but they are both required + # and similar in nature: + # 1. The earliest method was to simply compare the files textually but this often + # led to false positives due to inconsistencies (e.g. spacing, ordering) + # 2. The next method was to load the files back into YAML structures and then + # compare but InSpec provided block diffs this way, unusable by end users + # 3. The final step was to dump the YAML structures back into a string to use + # for the comparison; this both worked and provided human-friendly diffs + + ### Comparison file for the specific platform + ### Static, adjusted as part of code contributions, as map data is changed + # Strip the `platform[:finger]` version number down to the "OS major release" + platform_finger = system.platform[:finger].split('.').first.to_s + # Use that to set the path to the file (relative to the InSpec suite directory) + mapdata_file_path = "_mapdata/#{platform_finger}.yaml" + # Load the mapdata from profile, into a YAML structure + # https://docs.chef.io/inspec/profiles/#profile-files + mapdata_file_yaml = YAML.load(inspec.profile.file(mapdata_file_path)) + # Dump the YAML back into a string for comparison + mapdata_file_dump = YAML.dump(mapdata_file_yaml) + + ### Output file produced by running the `_mapdata` state + ### Dynamic, generated during Kitchen's `converge` phase + # Derive the location of the dumped mapdata (differs for Windows) + output_dir = platform[:family] == 'windows' ? '/temp' : '/tmp' + # Use that to set the path to the file (absolute path, i.e. 
within the container) + output_file_path = "#{output_dir}/salt_mapdata_dump.yaml" + # Load the output into a YAML structure using InSpec's `yaml` resource + # https://github.com/inspec/inspec/blob/49b7d10/lib/inspec/resources/yaml.rb#L29 + output_file_yaml = yaml(output_file_path).params + # Dump the YAML back into a string for comparison + output_file_dump = YAML.dump(output_file_yaml) + + describe 'File content' do + it 'should match profile map data exactly' do + expect(output_file_dump).to eq(mapdata_file_dump) + end + end +end diff --git a/test/integration/appended/controls/config.rb b/test/integration/appended/controls/config.rb new file mode 100644 index 0000000..e8e1db6 --- /dev/null +++ b/test/integration/appended/controls/config.rb 
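Review bot: `YAML.load(inspec.profile.file(mapdata_file_path))` in `controls/_mapdata.rb` uses the full loader, which on Ruby/Psych versions where `load` is not safe by default will instantiate tagged objects found in the file. The reference files added in this patch hold only maps, lists, strings and booleans, so `mapdata_file_yaml = YAML.safe_load(inspec.profile.file(mapdata_file_path))` should behave the same and stops the control from depending on the fixture being trusted. A short comment such as `# safe_load: fixtures contain plain scalars only` would record why the stricter loader is sufficient.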
@@ -0,0 +1,38 @@ +# frozen_string_literal: true + +control 'Sudoers configuration' do + title 'should match desired lines' + + describe file('/etc/sudoers') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('content') { should include '#include /etc/sudoers.d/extra-file1' } + its('content') { should include '#include /etc/sudoers.d/extra-file2' } + its('content') { should include '#include /etc/sudoers.d/extra-file3' } + end + + describe file('/etc/sudoers.d/extra-file1') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0440' } + its('content') { should include 'foo ALL=(ALL) ALL' } + end + + describe file('/etc/sudoers.d/extra-file2') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0440' } + its('content') { should include '%bargroup ALL=(ALL) NOPASSWD: ALL' } + end + + describe file('/etc/sudoers.d/extra-file3') do + it { should be_file } + it { should be_owned_by 'root' } + it { should be_grouped_into 'root' } + its('mode') { should cmp '0440' } + its('content') { should include '+other_netgroup ALL=(ALL) ALL' } + end +end diff --git a/test/integration/appended/controls/package.rb b/test/integration/appended/controls/package.rb new file mode 100644 index 0000000..e83d035 --- /dev/null +++ b/test/integration/appended/controls/package.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +control 'Sudo package' do + title 'should be installed' + + describe package('sudo') do + it { should be_installed } + end +end diff --git a/test/integration/appended/files/_mapdata/almalinux-8.yaml b/test/integration/appended/files/_mapdata/almalinux-8.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/almalinux-8.yaml 
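Review bot: The `/etc/sudoers` checks in `controls/config.rb` use `should include '#include …'`, which passes wherever the line sits in the file, while the behaviour this suite exists to cover is that the includes end up last. A position check would pin that without depending on the order of the three entries, e.g. `its('content') { should match(%r{(#include /etc/sudoers\.d/extra-file[123]\s*){3}\z}) }`. The group is also hard-coded as `'root'` in every `be_grouped_into`, which matches `group: root` in the visible map data but would have to follow the formula's `group` value on any platform where it differs.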
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/amazonlinux-1.yaml b/test/integration/appended/files/_mapdata/amazonlinux-1.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/amazonlinux-1.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/amazonlinux-2.yaml b/test/integration/appended/files/_mapdata/amazonlinux-2.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/amazonlinux-2.yaml 
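Review bot: The header comment `# AlmaLinux-8` is carried unchanged into `amazonlinux-1.yaml`, and the same holds for the other new fixtures of this suite (amazonlinux-2, arch-base-latest, centos-6/7/8, debian-9/10/11 and the rest), all of which share blob `4709d13`. Since these files are the reference a failing `_mapdata` control is diffed against, each header should name the platform the file is for, e.g. `# <platform>-<major release>`. Only four platforms run the `appended` suite in the `.gitlab-ci.yml` hunk of this patch, so the remaining copies are not checked by CI and it is worth confirming that values such as `execprefix: /usr/sbin` and `group: root` are what `map.jinja` yields there.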
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/arch-base-latest.yaml b/test/integration/appended/files/_mapdata/arch-base-latest.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/arch-base-latest.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-6.yaml b/test/integration/appended/files/_mapdata/centos-6.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-6.yaml 
@@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-7.yaml b/test/integration/appended/files/_mapdata/centos-7.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-7.yaml @@ -0,0 +1,29 @@ +# yamllint disable rule:indentation rule:line-length +# AlmaLinux-8 +--- +values: + append_included_files_to_endof_main_config: true + arch: amd64 + configpath: /etc + execprefix: /usr/sbin + group: root + included_files: + /etc/sudoers.d/extra-file1: + users: + foo: + - ALL=(ALL) ALL + /etc/sudoers.d/extra-file2: + groups: + bargroup: + - 'ALL=(ALL) NOPASSWD: ALL' + /etc/sudoers.d/extra-file3: + netgroups: + other_netgroup: + - ALL=(ALL) ALL + includedir: /etc/sudoers.d + manage_main_config: false + pkg: sudo + purge_includedir: false + users: + kitchen: + - 'ALL=(root) NOPASSWD: ALL' diff --git a/test/integration/appended/files/_mapdata/centos-8.yaml b/test/integration/appended/files/_mapdata/centos-8.yaml new file mode 100644 index 0000000..4709d13 --- /dev/null +++ b/test/integration/appended/files/_mapdata/centos-8.yaml 
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/debian-10.yaml b/test/integration/appended/files/_mapdata/debian-10.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/debian-10.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/debian-11.yaml b/test/integration/appended/files/_mapdata/debian-11.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/debian-11.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/debian-9.yaml b/test/integration/appended/files/_mapdata/debian-9.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/debian-9.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/fedora-31.yaml b/test/integration/appended/files/_mapdata/fedora-31.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/fedora-31.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/fedora-32.yaml b/test/integration/appended/files/_mapdata/fedora-32.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/fedora-32.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/fedora-33.yaml b/test/integration/appended/files/_mapdata/fedora-33.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/fedora-33.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/fedora-34.yaml b/test/integration/appended/files/_mapdata/fedora-34.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/fedora-34.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml b/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/gentoo-2-sysd.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml b/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/gentoo-2-sysv.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/opensuse-15.yaml b/test/integration/appended/files/_mapdata/opensuse-15.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/opensuse-15.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml b/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/opensuse-tumbleweed.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/oraclelinux-7.yaml b/test/integration/appended/files/_mapdata/oraclelinux-7.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/oraclelinux-7.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/oraclelinux-8.yaml b/test/integration/appended/files/_mapdata/oraclelinux-8.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/oraclelinux-8.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/rockylinux-8.yaml b/test/integration/appended/files/_mapdata/rockylinux-8.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/rockylinux-8.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/ubuntu-16.yaml b/test/integration/appended/files/_mapdata/ubuntu-16.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/ubuntu-16.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/ubuntu-18.yaml b/test/integration/appended/files/_mapdata/ubuntu-18.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/ubuntu-18.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/files/_mapdata/ubuntu-20.yaml b/test/integration/appended/files/_mapdata/ubuntu-20.yaml
new file mode 100644
index 0000000..4709d13
--- /dev/null
+++ b/test/integration/appended/files/_mapdata/ubuntu-20.yaml
@@ -0,0 +1,29 @@
+# yamllint disable rule:indentation rule:line-length
+# AlmaLinux-8
+---
+values:
+ append_included_files_to_endof_main_config: true
+ arch: amd64
+ configpath: /etc
+ execprefix: /usr/sbin
+ group: root
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - ALL=(ALL) ALL
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - ALL=(ALL) ALL
+ includedir: /etc/sudoers.d
+ manage_main_config: false
+ pkg: sudo
+ purge_includedir: false
+ users:
+ kitchen:
+ - 'ALL=(root) NOPASSWD: ALL'
diff --git a/test/integration/appended/inspec.yml b/test/integration/appended/inspec.yml
new file mode 100644
index 0000000..8c9089d
--- /dev/null
+++ b/test/integration/appended/inspec.yml
@@ -0,0 +1,27 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+name: appended
+title: sudoers formula
+maintainer: SaltStack Formulas
+license: Apache-2.0
+summary: Verify that the sudoers formula is setup and configured correctly
+depends:
+ - name: share
+ path: test/integration/share
+supports:
+ - platform-name: debian
+ - platform-name: ubuntu
+ - platform-name: centos
+ - platform-name: fedora
+ - platform-name: opensuse
+ - platform-name: suse
+ - platform-name: freebsd
+ - platform-name: openbsd
+ - platform-name: amazon
+ - platform-name: oracle
+ - platform-name: arch
+ - platform-name: gentoo
+ - platform-name: almalinux
+ - platform-name: rocky
+ - platform: windows
diff --git a/test/salt/pillar/appended.sls b/test/salt/pillar/appended.sls
new file mode 100644
index 0000000..85566bc
--- /dev/null
+++ b/test/salt/pillar/appended.sls
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+sudoers:
+ manage_main_config: false
+ included_files:
+ /etc/sudoers.d/extra-file1:
+ users:
+ foo:
+ - 'ALL=(ALL) ALL'
+ /etc/sudoers.d/extra-file2:
+ groups:
+ bargroup:
+ - 'ALL=(ALL) NOPASSWD: ALL'
+ /etc/sudoers.d/extra-file3:
+ netgroups:
+ other_netgroup:
+ - 'ALL=(ALL) ALL'
+ append_included_files_to_endof_main_config: true
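Review bot: The `supports` list in test/integration/appended/inspec.yml ends with `- platform: windows`, which does not fit a profile that verifies sudoers files, and it also names `freebsd` and `openbsd` although no _mapdata fixture for those platforms is visible among the files this commit adds to the appended suite. I would drop the `- platform: windows` entry and keep only the platforms the suite has fixtures for, so the profile does not report itself as applicable where its controls have nothing to compare against. As a smaller point, `title: sudoers formula` does not identify this suite; something like `title: sudoers formula (appended includes)` would tell this profile apart from the default one in reports.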
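Review bot: The pillar in test/salt/pillar/appended.sls enables `append_included_files_to_endof_main_config: true` together with `manage_main_config: false` and has no comment explaining why the position of the includes matters. sudoers applies the last matching entry, so files included at the end of the main config take precedence over earlier rules, and here that covers `'ALL=(ALL) NOPASSWD: ALL'` for `bargroup`. I would add a comment above the key such as `# included files are appended last, so their rules override earlier entries in the main config`, and have the suite's controls check the resulting configuration with `visudo -c`. The states and controls are outside this hunk, so they may already do this.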